Whenever a cyber attack takes place, it targets devices and networks primarily. However, criminals exploit human behavior and capitalize on human errors to make their cyber attacks successful. Different surveys and statistical reports over the years suggest that human error is behind more than 90% of cybersecurity breaches. If we investigate the human error in the backdrop of cybersecurity breaches in organizations, it comes down to how staff members use their work computers.
Poor workstations habits and lack of any policy and relevant training by organizations lead to scenarios where they fall victim to cybersecurity breaches due to human error.
If an enterprise wants to minimize its chances of experiencing a cyber breach, it has to educate and train its employees on the dos and don’ts of using workstations. Since those don’t are discussed very rarely, we will focus on them in this post.
Here, we will list down things that employees should avoid doing on workstations. Organizations should make these points part of their workshops on cybersecurity. Employees reading this article should also try to improve their use of workstations in light of the following discussion.
1. Storing/Saving Passwords in the Browser
Web browser developers introduced the feature of storing/saving passwords for users’ convenience. There is no doubt that logging into the same account or application time and again within a single working day can be frustrating. The password store/save option of a web browser makes this continuous logging-in activity hassle-free.
However, this convenient feature has a flip side as well, i.e., if the device is compromised with active malware, the hackers can easily take control of all those accounts that have passwords saved/stored in the browser. Therefore, a good practice is to never save and store passwords of the company and personal accounts you use on your workstation.
A fleeting frustration of repeatedly entering a password is a worthy tradeoff of a compromised or permanently lost account.
2. Downloading Files from Untrusted Websites and Emails
Many times, malware enters an organizational network through a corrupted file downloaded on any of the connected devices. In other words, an employee downloading a file from an untrusted source can put the security of the entire organizational system and network into jeopardy. Therefore, a continuous messaging is needed to put across among the workforce that:
- Never download a file from any random website with a URL that doesn’t have HTTPS
- Never download any attachment from any email sent by an unknown user no matter if the body of the email and the ID appear thoroughly professional.
You need to provide a list of web sources that employees can use for downloading needed files and data. Moreover, organizations should use any good internal communication software to reduce the chances of phishing attempts.
3. Installing Remote Access Software
Remote access software is another application developed for the convenience of users. However, it can create a huge security loophole in the backdrop of the organization’s network and system security. An organization must make a clear policy that bars employees from using third-party remote access software on their own.
Unchecked and unsanctioned use of remote access applications only means that there’s a cybersecurity disaster in the making. Instead, an organization should work out a plan to introduce a standardized and secure procedure to provide remote access to all its employees. By doing this, the IT team of the organization will remain in better control of cybersecurity.
4. Plugging in USB Device and Phones
Organizations need to ensure that no external unvetted device is connected to any access point of its network; this is important to guarantee a highly sterilized digital working environment. However, we all know that it is quite common for employees to plug in their personal devices to their workstations without any prior security tests and check.
Personal USB sticks and smartphones with poor security features can contain various malevolent codes, from malware to keyloggers. Those viruses and bugs might not affect how employees use their phones or USB. However, the same malicious program can become quite lethal after getting access to the organizational network environment.
5. Using File-Sharing Websites
File-sharing websites come in quite handy in providing employees relevant material for their work. However, like an unsecured website, a file-sharing website is also a tricky rope to tread. You never know which file on those platforms contains underlying bugs and malware and unfold a disaster for the organizational network and system.
In short, you need to avoid using file-sharing websites.
6. Connecting to a Public Wi-Fi
If employees have work laptops and are working from remote locations, they must know that they can’t connect their devices to public Wi-Fi. Those internet hotspots are also hotspots of cybercriminal activity. From ransomware to a network eavesdropping bug, a device can get infected by a host of malevolent programs after using public Wi-Fi. Employees must understand that using free internet can’t be prioritized over the security of the organizational network.
7. Using an Unauthorized Third-Party Program and Application
Employees have to refer to several third-party offline and online programs and applications while working on different projects. Many times, they use online programs and tools that the IT team of the organization might not approve of due to their weak security protocols at the backend. Therefore, the IT security team or an MSP should vet the third-party programs and applications that employees can use on their workstations.
Organizations are always the preferred targets of cybercriminals because of the promised gains of attacking them. Therefore, organizations must work on every front for the improvement of network and system security. Educating employees on what not to do on their workstations is an integral part of that effort because human error lies at the foundation of most successful cyber attacks.
Whether you want to bolster the network security of your organization or want to train your employees on how to use their devices in the most security-savvy manner, get in touch with Microsys. From IT infrastructure to cybersecurity and corporate software deployments, the firm can help in various capacities to improve the digital proficiency of your business.